Linux

I recently purchased a Synology 1815+ NAS to increase my home network storage a bit and the performance was not what I was expecting out of the box. There were a few things that I identified to try and get things working a little bit faster. I was able to achieve roughly 50-75MB/s during volume growth and reshaping.

Step 1: Increase Stripe Cache Size
This will increase the lower min speed to consume for the raid volume reshaping/rebuilding. You will still hit a limit based on your spindle speed and CPU throughput.

Overview

Why you might ask? Because it’s interesting to see what all the things on your network are phoning home to. Most modern devices will not hard code and IP address for operations since those tend to be transient in nature now.

So this post is has my Logstash configuration It’s pretty simple.

Prerequisites

Must have Elasticsearch, Logstash, and Kibana installed.

Must have PFSense setup with logging turned up to 5 for the unbound process.

It looks like the package didn’t install the http2 module during a recent upgrade I did. A workaround to install the http2 module on Ubuntu 16.04 if it’s not present in your apache2 installed package. This method should still allow you to get security updates.

The solution is to compile the current apache2 build and just copy the required module into the appropriate folders.

Overview

Our objective here is to setup Elasticsearch, Logstash, and Kibana to be able to consume PFSense 2.3 syslog feeds for the different modules so that we can create pretty graphs and operational dashboards.

Installation

The first thing that you want to do is install Java. ElasticSearch and LogStash both run jRuby which is a java variant of ruby. Kibana runs NodeJS.

Make sure your system is up to date: sudo apt update && sudo apt upgrade -y

Configure Kibana

Edit the following lines in your /opt/kibana/config/kibana.yml file to look like:

# Kibana is served by a back end server. This controls which port to use.
server.port: 5601
# The host to bind the server to.
server.host: "X.X.X.X"
# The Elasticsearch instance to use for all your queries.
elasticsearch.url: "http://localhost:9200"

Create Index in Kibana

Browser to http://X.X.X.X:5601

Settings Page -> Indices -> Add New

Kibana pfSense New Index

Now you can search, create visualizations, and dashboards of visualizations!!

If anyone has any cool looking pfSense dashboards for 2.3 let me know, I’d like to post some examples.